STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:SV-209022r603263_rule
V-209022
SRG-OS-000096
OL6-00-000289
CAT III
10
The "netconsole" service is responsible for loading the netconsole kernel module, which logs kernel printk messages over UDP to a syslog server. This allows debugging of problems where disk logging fails and serial consoles are impractical. The "netconsole" service can be disabled with the following commands:
# chkconfig netconsole off
# service netconsole stop
To check that the "netconsole" service is disabled in system boot configuration, run the following command:
# chkconfig "netconsole" --list
Output should indicate the "netconsole" service has either not been installed, or has been disabled at all runlevels, as shown in the example below:
# chkconfig "netconsole" --list
"netconsole" 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Run the following command to verify "netconsole" is disabled through current runtime configuration:
# service netconsole status
If the service is disabled the command will return the following output:
netconsole is stopped
If the service is running, this is a finding.
V-209022
False
OL6-00-000289
To check that the "netconsole" service is disabled in system boot configuration, run the following command:
# chkconfig "netconsole" --list
Output should indicate the "netconsole" service has either not been installed, or has been disabled at all runlevels, as shown in the example below:
# chkconfig "netconsole" --list
"netconsole" 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Run the following command to verify "netconsole" is disabled through current runtime configuration:
# service netconsole status
If the service is disabled the command will return the following output:
netconsole is stopped
If the service is running, this is a finding.
M
2928